felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2024-08-28 18:52:55 +01:00
parent c13aa711da
commit ec7715aaf3
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
16 changed files with 44 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

16
apparmor.d/groups/virt/cockpit-bridge
View file

@ -35,9 +35,18 @@ profile cockpit-bridge @{exec_path} {
@{exec_path} mr,
@{bin}/journalctl rPx,
@{lib}/cockpit/cockpit-pcp rPx,
@{lib}/cockpit/cockpit-ssh rPx,
@{bin}/cat ix,
@{bin}/date ix,
@{bin}/findmnt Px,
@{bin}/journalctl Px,
@{bin}/python3.@{int} ix,
@{bin}/ssh-agent Px,
@{bin}/sudo Px, # TODO: rCx -> privilieged ? or rix?
@{lib}/cockpit/cockpit-pcp Px,
@{lib}/cockpit/cockpit-ssh Px,
# The shell is not confined on purpose.
@{bin}/@{shells} Ux,
/usr/share/cockpit/{,**} r,
/usr/{,local/}share/ r,
@ -64,6 +73,7 @@ profile cockpit-bridge @{exec_path} {
@{sys}/fs/cgroup/**/ r,
@{sys}/fs/cgroup/**/cpu.{stat,weight} r,
@{sys}/fs/cgroup/**/memory* r,
@{sys}/kernel/kexec_crash_size r,
@{PROC}/ r,
@{PROC}/@{pids}/cgroup r,